1. Field of the Invention
The present invention generally relates to Security Identifier (SID) management of encrypted storage devices. More particularly, the present invention relates to recovering a SID when the SID has been lost or corrupted.
2. Description of the Prior Art
A storage device, e.g., a magnetic disk, an optical disk, a solid state drive, a hard disk, a compact disc, a digital versatile disc, a flash memory card, or a direct access storage device (DASD), can encrypt all data that is stored in it. When data is written to the storage device, the storage device encrypts the data by using an encryption/decryption algorithm. When data is read from the storage device, the storage device decrypts the data by using the encryption/decryption algorithm. The encryption/decryption algorithm is designed so that decoding encrypted data is nearly impossible unless the encryption key is known, resulting in a high level of data security. The encryption/decryption takes place on the storage device itself and is managed by firmware (i.e., a computer program that is embedded in a hardware device) on the storage device.
The firmware enables access to encrypted data by means of a SID which is set, prior to using the storage device, to a private value known only to the owner of the data. The SID refers to an alphanumeric character string used for uniquely identifying a user or a group. Alternatively, the SID refers to a piece of information (a parameter) used to encrypt and/or decrypt data. The SID is used to lock and unlock access to a storage device and therefore to the data in the storage device. The data on the storage device is inaccessible while the storage device is in a locked state (i.e., a state which only allows a user who has a valid SID to access data in the storage device).
SIDs are stored in a separate machine which manages and issues the SIDs. In order to unlock a storage device and to gain access to data in the storage device, a user or a computing device obtains a SID from the machine and applies the SID to the storage device to access the data in the storage device. However, the machine may become corrupted, so the SID that the machine provides may be an invalid SID. Alternatively, a SID can be corrupted between the point at which the SID is retrieved from the machine and the point at which the SID is applied to a storage device.
A result of a SID losing its validity is that a complete set of data can become permanently locked and inaccessible. If the SID is corrupted, all users who store data in storage device(s) associated with the SID can be affected. If a shared SID used for an entire set of storage devices becomes corrupted or lost, none of the data in those storage devices can be recovered, because the data cannot be decrypted.
Thus, it would be desirable to provide a method and system for unlocking a storage device that has become locked or cannot be unlocked in the case that a key or SID of the storage device becomes lost or corrupted.
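The following is an added example, not code from the patent, modelling the arrangement described above: a storage device whose firmware releases data only for the correct SID, and a separate machine that stores and issues SIDs. It assumes a SHAKE-256 pad as a stand-in for the device's cipher and an HMAC tag on each issued SID (an assumed addition) so that corruption of the SID in transit is detected before it is applied to the device, while a corrupted SID applied anyway leaves the device locked.

```python
import hashlib
import hmac
import os
# Constructed model of the scenario above, not code from the patent. SHAKE-256 output is a
# stand-in for the device's cipher; the HMAC tag on an issued SID is an assumed addition.
class SelfEncryptingDevice:
    def __init__(self, sid: bytes) -> None:
        self._salt = os.urandom(16)                               # per-device salt for the verifier
        self._verifier = hashlib.sha256(self._salt + sid).digest()
        self._ciphertext, self._key = b"", None                   # data key held only while unlocked

    def unlock(self, sid: bytes) -> bool:
        if not hmac.compare_digest(hashlib.sha256(self._salt + sid).digest(), self._verifier):
            return False                                          # wrong or corrupted SID: stays locked
        self._key = hmac.new(sid, self._salt, "sha256").digest()  # data key derived from SID and salt
        return True

    def _crypt(self, data: bytes) -> bytes:
        if self._key is None:
            raise PermissionError("device is locked")
        pad = hashlib.shake_256(self._key).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, pad))

    def write(self, plaintext: bytes) -> None:
        self._ciphertext = self._crypt(plaintext)

    def read(self) -> bytes:
        return self._crypt(self._ciphertext)

class SidManager:
    def __init__(self) -> None:
        self._integrity_key, self._sids = os.urandom(32), {}

    def issue(self, device_id: str) -> tuple[bytes, bytes]:
        sid = self._sids.setdefault(device_id, os.urandom(32))   # created on first request
        return sid, hmac.new(self._integrity_key, sid, "sha256").digest()

    def is_intact(self, sid: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(hmac.new(self._integrity_key, sid, "sha256").digest(), tag)

def scenario() -> dict:
    manager = SidManager()
    sid, tag = manager.issue("disk-0")
    device = SelfEncryptingDevice(sid)                            # starts locked
    corrupted = bytes([sid[0] ^ 0x01]) + sid[1:]                  # one bit flipped in transit
    result = {"corruption_detected": not manager.is_intact(corrupted, tag),
              "corrupted_unlock": device.unlock(corrupted)}
    device.unlock(sid)
    device.write(b"payroll records")
    result["data"] = device.read()
    return result
```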